X SS – name_directory_startswith parameter

  • Resolved Zielakpl

    (@zielakpl-1)


    9 years, 5 months ago

    Hello, we’ve found an issue in your plugin.

    The value of the name_directory_startswith request parameter is copied into the HTML document as plain text between tags.

    The payload
    008af<script>alert(1)</script>21de4
    was submitted in the name_directory_startswith parameter. This input was echoed unmodified in the application’s response.

    Some browsers block this behavior but it’s still an issue.

    https://www.ads-software.com/plugins/name-directory/

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘X SS – name_directory_startswith parameter’ is closed to new replies.